Birthday Paradox
What is a Paradox…?
• A paradox is a statement or concept that contains conflicting ideas.
• For example, consider a situation in which a father and his son
are driving down the road. The car crashes into a tree and the
father is killed. The boy is rushed to the nearest hospital
where he is prepared for emergency surgery. On entering the
surgery suite, the surgeon says, "I can't operate on this boy.
He's my son."
• The paradox is resolved if it is revealed that the surgeon is a
woman — the boy's mother.
©RkskEkanayaka
The Birthday Paradox
• There are n people in a room. What is the probability that at least two people have the same birthday?
• For n = 2: $P(2) = 1 - \frac{364}{365}$
• For n = 3: $P(3) = 1 - \left(\frac{364}{365} \times \frac{363}{365}\right)$
• For n persons: $P(n) = 1 - \left(\frac{364}{365} \times \frac{363}{365} \times \dots \times \frac{365-(n-1)}{365}\right)$
• With 22 people in a room, there is better than 50% chance that two people have a common birthday.
• With 40 people in a room there is almost 90% chance that two people have a common birthday.
The Birthday Paradox…
• If $n \geq \sqrt{365}$ then this probability is more than half.
• In general, if there are k possibilities then on average $\sqrt{k}$ trials are required to find a collision.
Hash Functions
• A hash function takes a variable
length message M and produces a
fixed length message digest.
• If the length of the digest is m then there are $2^m$ possible message digests.
• More than one message will be mapped to the same digest.
Probability of Hash Collisions
• If we apply k random messages to our hash code, what must the value of k be for the probability of at least one duplicate to be 0.5?
Using the previous equation, we have
$k = \sqrt{2^m} = 2^{m/2}$
Birthday Attack
• Consider a hash function that takes an arbitrary message and outputs an n-bit digest.
• There are $2^n$ possible digests.
• Then we need to try an average of $2^{n/2}$ messages to find two with the same digest.
• For a 64-bit digest, this requires $2^{32}$ tries.
• For a 128-bit digest, this requires $2^{64}$ (~$10^{19}$) tries. (That is computationally infeasible.)
Birthday Attack…
• A is prepared to “sign” a message by appending the appropriate m-bit hash code and encrypting that hash code with A’s private key.
• An attacker generates $2^{m/2}$ variations on the message, all of which convey the same meaning. The attacker prepares an equal number of messages, all of which are variations of the fraudulent message to be substituted for the real one.
Birthday Attack…
• The two sets of messages are compared to find a pair of
messages that produce the same hash code. The probability of
success is greater than 0.5. If no match is found, additional
valid and fraudulent messages are generated until a match is
made.
• The attacker offers the valid variation to A for signature. This
signature can then be attached to the fraudulent variation for
transmission to the intended recipient. Because the two
variations have the same hash code, they will produce the
same signature; the attacker is assured of success even
though the encryption key is not known.
How to avoid birthday attack
• To avoid this attack, the output length of
the hash function used for a signature
scheme can be chosen large enough so
that the birthday attack becomes
computationally infeasible.
• i.e. about twice as many bits as are
needed to prevent an ordinary brute-force
attack.
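
The effect of digest length on collision cost can be measured directly. The following is an added example, not part of the original slides: it truncates SHA-256 to n bits as a stand-in for a short hash (an assumption of this example), counts how many constructed messages are hashed before two share a digest, and compares that with $2^{n/2}$. All function names and message strings are this example's own.

```python
import hashlib
import math

def truncated_digest(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256: a stand-in for a short n-bit hash."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int, prefix: bytes = b"constructed-msg-"):
    """Hash distinct messages until two share a digest.

    Returns (first_message, second_message, tries)."""
    seen = {}  # digest -> message that produced it
    tries = 0
    while True:
        message = prefix + str(tries).encode()
        tries += 1
        digest = truncated_digest(message, bits)
        if digest in seen:
            return seen[digest], message, tries
        seen[digest] = message

def average_tries(bits: int, runs: int = 30) -> float:
    """Mean tries to first collision over independent message families."""
    total = 0
    for run in range(runs):
        prefix = b"constructed-run-%d-" % run
        total += find_collision(bits, prefix)[2]
    return total / runs

def tries_for_half(bits: int) -> float:
    """k giving P(collision) ~ 0.5, from 1 - exp(-k^2 / 2^(bits+1)) = 0.5."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)

if __name__ == "__main__":
    # Short digests: collisions appear after roughly 2^(n/2) messages.
    for bits in (16, 20, 24):
        print(f"{bits}-bit digest: 2^(n/2) = {2 ** (bits // 2):>5}, "
              f"measured average = {average_tries(bits):8.1f}")
    # Real digest lengths: the same estimate, too large to measure.
    for bits in (64, 128, 256):
        print(f"{bits}-bit digest: ~2^{math.log2(tries_for_half(bits)):.1f} "
              f"tries for a 50% collision chance")
```

Each extra bit of digest length multiplies the collision work by only $\sqrt{2}$, which is why the digest needs about twice the bits that a brute-force estimate alone would suggest.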
